Authorities warn: Cyber fraudsters want to trap you with false invoices

Martin Abgottspon

19.3.2026

Fraudsters are using a sophisticated method to lure employees of Swiss companies into a trap.
ChatGPT @blueNews

A professional wave of fake invoices is currently in circulation. The Federal Office for Cyber Security warns of a technically sophisticated method that deceives even experienced users.

No time? blue News summarizes for you

  • Cyber criminals are sending out deceptively genuine-looking invoice emails with ZIP attachments that contain an HTML file instead of a document; the file loads malware unnoticed.
  • The attackers increase their success rate with a clever combination of elements that suggest security.
  • Protection is provided above all by distrust of ZIP archives, the visible display of file extensions and technical blocks for risky file types.

Clicking on an email attachment is a routine part of everyday office life. However, cyber criminals are currently exploiting this habit with a level of polish that goes beyond conventional phishing, as the Federal Office for Cyber Security warns. The attackers send e-mails that are almost indistinguishable from genuine business correspondence. They contain invoice numbers and a short accompanying text.

The decisive difference from legitimate mail lies in the file format. Instead of an ordinary document, recipients receive an archive file in ZIP format. Inside it is an HTML file which, when double-clicked, sets a dangerous chain of events in motion.

The architecture of the deception

The file does not contain a classic form, but a copy of what purports to be an older e-mail thread. This familiarity is intended to nip the victims' mistrust in the bud. While the user reads the text, the file quietly connects to an external server in the background.

The perpetrators do not deliver the malicious code indiscriminately. The server first checks the victim's operating system and only sends the malware if the conditions for infection are optimal. In addition, the download often works only for the first few requests, after which the page remains empty. This tactic makes the work of the authorities much more difficult, as empty websites can hardly be used as evidence for blocking.

Example of an e-mail with an alleged invoice.
Bundesamt für Cybersicherheit

The psychological trick with the captcha

As soon as the technical hurdles have been overcome, the victim is redirected to a deceptively genuine-looking website. There they are invited to download a supposed PDF invoice. To make the site appear legitimate, users must first solve a captcha, a security puzzle otherwise familiar from legitimate logins.

This psychological trick suggests security where there is none. Only after the captcha has been entered does the actual download of another file start, which, when executed, permanently installs the malware on the computer. Attackers use this complicated detour via the browser because modern e-mail programs block active program code, but local browsers often execute it unfiltered.

Protection mechanisms in everyday digital life

Despite the complex camouflage, human action remains a decisive factor in defense. The Confederation emphasizes that reputable companies always send invoices as PDF documents and never in nested ZIP archives or as web files. Double file extensions are also a warning signal, for example if a document name appears to end in PDF but is followed by the extension HTML.

Experts advise enabling the display of file extensions in the operating system as a matter of principle in order to recognize such deceptions immediately. Companies should also strengthen their technical defenses and consistently block dangerous file types such as archive formats or Office files with macro functions at the email gateway.
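
The gateway check described above can be illustrated with a short Python example. It is an addition to this article, not code from the Federal Office or blue News; the extension lists and the sample message are assumptions constructed for illustration. It flags archive attachments, risky file types inside them, and double extensions such as PDF followed by HTML.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example; adapt them to your own gateway rules.
RISKY_EXT = {".html", ".htm", ".hta", ".js", ".docm", ".xlsm"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def name_findings(name):
    """Return the reasons a file name is suspicious (empty list if none)."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    reasons = []
    if len(parts) >= 2 and "." + parts[-1] in RISKY_EXT:
        reasons.append(f"risky type .{parts[-1]}")
        if len(parts) >= 3 and "." + parts[-2] in DOC_EXT:
            reasons.append(f"double extension .{parts[-2]}.{parts[-1]}")
    return reasons

def scan_message(raw):
    """Inspect all attachments of a raw e-mail, looking one level into ZIPs."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        findings += [(fname, r) for r in name_findings(fname)]
        if zipfile.is_zipfile(io.BytesIO(data)):
            findings.append((fname, "archive attachment"))
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for inner in zf.namelist():
                    findings += [(f"{fname}!{inner}", r) for r in name_findings(inner)]
    return findings

def build_sample():
    """Constructed sample: an invoice mail whose ZIP holds an HTML file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2026-0001.pdf.html", "<html>placeholder</html>")
    msg = EmailMessage()
    msg["Subject"] = "Invoice 2026-0001"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice_2026-0001.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for item, reason in scan_message(build_sample()):
        print(f"{item}: {reason}")
```

The scan reads only file names and archive listings and never opens or renders the attached content, so it can run before a message reaches a user's mailbox.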
